The 55808 Phenomenon Part II

eWeek reports that security experts finally have a handle on mystery malware that was generating loads of suspicious IP traffic over the last few weeks. Researchers at Internet Security Systems Inc. say the culprit, which was first thought to be a new breed of Trojan, is actually a distributed network mapping tool that also acts as a listening agent. Dubbed Stumbler, the agent is not considered malicious right now because it contains no payload, but it has the potential to generate enough IP traffic to hamper network performance. What has experts most concerned is the ease with which Stumbler could be reprogrammed to make it more damaging. "We're really more interested in the next version because it could easily become a worm," said Dan Ingevaldson, team lead on ISS' X-Force research and development team in Atlanta, which tracked down the Stumbler agent. "You should definitely remove it if you find it. And you should be concerned about how it got there because someone had to put it there intentionally." ISS officials said it's impossible to say how many machines have been infected with Stumbler, though the amount of traffic being generated by the agent, which scans random IP addresses and looks for other versions of itself, indicates at least several hundred infections.